Global reader doesn't see all all subscriptions in tenant

Anonymous
2023-02-17T06:41:08.29+00:00
However, I am a member of the Global reader role, so I do not see all the subscriptions in the tenant. 



There is much more subscriptions then is on screen shot.

Thanks for advice.
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
974 questions
{count} vote

2 answers

Sort by: Most helpful
  1. Tech-Hyd-1989 5,816 Reputation points
    2023-02-17T08:58:05.2233333+00:00

    Hello Zuscic Pavel

    If a Global Reader doesn't see all subscriptions in a tenant, it could be due to one of the following reasons:

    The Global Reader doesn't have access to the subscriptions: To view all subscriptions in a tenant, a Global Reader must have access to the subscriptions. You can grant access to the Global Reader by assigning the appropriate role to the Global Reader at the subscription level.

    The Global Reader is only able to see subscriptions in a specific directory: If the Global Reader is only able to see subscriptions in a specific directory, you can change the default directory by following these steps:

    • Go to the Azure portal, in the default subscription filter section, select the appropriate directory and subscription.
    • If you have been granted access to one or more resource groups, rather than to an entire subscription, select the subscription to which that resource group belongs.[0] You'll then work in the context of that subscription, but will only be able to access the designated resource group(s).
    • The Global Reader is only able to see subscriptions in a specific management group: If the Global Reader is only able to see subscriptions in a specific management group, you can change the default management group by following these steps:
    • Go to the Azure portal.
    • In the Default subscription filter section, select the appropriate management group and subscription
    • If you have been granted access to one or more resource groups, rather than to an entire subscription, select the subscription to which that resource group belongs. You'll then work in the context of that management group, but will only be able to access the designated resource group(s).

    https://learn.microsoft.com/en-us/azure/azure-portal/set-preferences#subscription-filters

    https://azure.microsoft.com/en-us/updates/updates-to-subscription-filtering/

    Let me know if you need more help with this.

    If this does answer your question, please feel free to mark it as the answer as a token of appreciation.

    2 people found this answer helpful.
    0 comments No comments

  2. Joseph Clementi 0 Reputation points
    2023-03-21T17:55:39.46+00:00

    Unlike the Global Admin role the Global Reader role does not have the option to enable the "Access management for Azure resources" on the https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Properties page. As such the only way to really go about this would be to have a Global Admin or another privileged account create a security group, add yourself / the appropriate users to it, and then assign that group as a Reader in the in the IAM settings on each subscription.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.